author | Jo-Philipp Wich <jo@mein.io> | 2016-11-06 16:47:23 +0100 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2016-11-06 16:47:23 +0100 |
commit | 37df903ae8efd88d740b1ed8cc2e0ae384226dd6 (patch) | |
tree | d6690941ae0c47c1cd69605b71cb4a3689d4d0be | |
parent | 227530375704f8aa5ae3af0b88d7749f7cf7e7d0 (diff) | |
download | firewall3-37df903ae8efd88d740b1ed8cc2e0ae384226dd6.tar.gz |
iptables: rework extension loader
Now that we wrap xtables_register_match() and xtables_register_target() we do
not need to load the extensions ourselves anymore since there is no need to
keep the library handles for dlclose().
Switch to libxtables' own loader by invoking xtables_find_match() and
xtables_find_target() with XTF_TRY_LOAD.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r-- | iptables.c | 46 |
1 files changed, 9 insertions, 37 deletions
@@ -535,36 +535,14 @@ get_protoname(struct fw3_ipt_rule *r)
 return NULL;
 }
-static bool
-load_extension(struct fw3_ipt_handle *h, const char *name)
-{
- char path[256];
- void *lib;
- const char *pfx = (h->family == FW3_FAMILY_V6) ? "libip6t" : "libipt";
-
- xext.retain = true;
-
- snprintf(path, sizeof(path), "/usr/lib/iptables/libxt_%s.so", name);
- if (!(lib = dlopen(path, RTLD_NOW)))
- {
- snprintf(path, sizeof(path), "/usr/lib/iptables/%s_%s.so", pfx, name);
- lib = dlopen(path, RTLD_NOW);
- }
-
- xext.retain = false;
-
- return !!lib;
-}
-
 static struct xtables_match *
 find_match(struct fw3_ipt_rule *r, const char *name)
 {
 struct xtables_match *m;
- m = xtables_find_match(name, XTF_DONT_LOAD, &r->matches);
-
- if (!m && load_extension(r->h, name))
- m = xtables_find_match(name, XTF_DONT_LOAD, &r->matches);
+ xext.retain = true;
+ m = xtables_find_match(name, XTF_TRY_LOAD, &r->matches);
+ xext.retain = false;
 return m;
 }
@@ -630,20 +608,14 @@ find_target(struct fw3_ipt_rule *r, const char *name)
 {
 struct xtables_target *t;
- if (is_chain(r->h, name)) {
- t = xtables_find_target(XT_STANDARD_TARGET, XTF_DONT_LOAD);
-
- if (t)
- return t;
-
- load_extension(r->h, "standard");
- return xtables_find_target(XT_STANDARD_TARGET, XTF_LOAD_MUST_SUCCEED);
- }
+ xext.retain = true;
- t = xtables_find_target(name, XTF_DONT_LOAD);
+ if (is_chain(r->h, name))
+ t = xtables_find_target(XT_STANDARD_TARGET, XTF_TRY_LOAD);
+ else
+ t = xtables_find_target(name, XTF_TRY_LOAD);
- if (!t && load_extension(r->h, name))
- t = xtables_find_target(name, XTF_DONT_LOAD);
+ xext.retain = false;
 return t;
 } |
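Review bot: In find_match(), `XTF_TRY_LOAD` hands path resolution to libxtables, so extensions are no longer opened from the fixed `/usr/lib/iptables/` prefix that the removed load_extension() used. libxtables chooses its library directory in xtables_init() and honours the `XTABLES_LIBDIR` environment variable there; that call is outside this hunk, so it needs confirming that the environment is trusted at that point, since this code loads shared objects into what is presumably a privileged process. I would add a comment above the call such as `/* libxtables resolves and dlopen()s the extension from its own library directory; name must come from trusted configuration */`, and if the init site inherits the caller's environment, consider `unsetenv("XTABLES_LIBDIR");` before it. The same applies to find_target() in the second hunk.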
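Review bot: For chain targets, find_target() can now return NULL: the removed branch ended in `XTF_LOAD_MUST_SUCCEED`, while the new code uses `XTF_TRY_LOAD` for `XT_STANDARD_TARGET` as well. The callers are outside this hunk, so it is worth checking that each one tests the result before dereferencing it; if a missing standard target should stay fatal, keep the old flag on that branch: `t = xtables_find_target(XT_STANDARD_TARGET, XTF_LOAD_MUST_SUCCEED);`. Separately, `xext.retain` is a global toggled around the lookup and its definition is not visible here, so a one-line comment saying why it brackets the call would help, for example `/* keep extensions registered during this load */` if that is what the flag means. The signature of find_target() sits in the hunk header rather than in the hunk body.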